North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: aggregation & table entries
On 14-okt-04, at 22:27, Daniel Roesen wrote:
And what do you do with a BGP customer which sends you traffic from
The whole point of BCP38 is that this isn't supposed to happen.
Unfortunately we are living in reality.
Tell that to the customers with the unrealistic wishes.
Yes, these restrictions are a huge pain in the rear end but a denial of
For me, this has never been a big problem. (Not saying it isn't for anyone else.)What you actually want to know is what the ingress interfaces for the flows are.
Sure, that helps, but it doesn't shut up the packets. With real addresses you can build filters and/or contact the source. Yes, both are hard to do. But with spoofed sources there is pretty much nothing you can do except hope that your transit choices were good ones and they'll investigate.And if the ingress interface is not a p2p interface, from which peer.
If the bottleneck isn't your ingress it is possible to filter tens of thousands of real sources. If the sources are fake you need to do much more destructive filtering.Given that most DDoSses are mounted via huge zombie collections, there is not much point in knowing the real source IPs.